CVE-2000-1008
Published 2000-12-11
Priority: P4 · 16 · medium · 4.6 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.54% (41.3th percentile)
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palm | palm_os | <= 3.5.2 | — |
No detection rules found.
Exploit-DB
Palm OS 3.5.2 - Weak Encryption
exploitdb·2000-09-26
CVE-2000-1008 Palm OS 3.5.2 - Weak Encryption
---
source: https://www.securityfocus.com/bid/1715/info
Palm OS ships with a security feature that lets a user set password protection on various applications. The HotSync process allows a user to connect to a machine on the network through their Palm device. During this process the device sends the encoded password to the HotSync Manager or HotSync Network Server on the network. The purpose of this transmission is to verify that password protection is still enabled when applications are accessed from the network.
The encoded password block is stored in the 'Unsaved Preferences' database on the Palm device. Due to a weak encryption scheme, it is possible to decrypt the password block into the actual ASCII format with the use of an exp
Exploit-DB
Corel Linux OS 1.0 - 'setxconf' Local Privilege Escalation
exploitdb·2000-02-24
CVE-2000-0195 Corel Linux OS 1.0 - 'setxconf' Local Privilege Escalation
---
source: https://www.securityfocus.com/bid/1008/info
A vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit with euid root. xinit, when executed, will invoke the contents of ~/.xserverrc. A malicious user could therefore execute commands as root.
cat > ~/.xserverrc
echo "+ +" > /.rhosts
No writeups or analysis indexed.